fd01d15d14
Currently, test_novnc validates the websocket upgrade by verifying that the websocket response reports a protocol switch and that the response includes a server name specified in the configuration field vnc_server_header. This explicit server name configuration field introduces a security concern and convolutes the code base. HTTP RFC7231 (https://tools.ietf.org/html/rfc7231) section 6.2.2 says that when switching protocols, the response "MUST generate an Upgrade header field that indicates which protocols will be switched to". This patchset uses this required Upgrade field to validate the websocket upgrade instead of an environment-based configuration field, making the code base cleaner, safer, and more reliable. vnc_server_header is deprecated and necessary release notes are created. Change-Id: I5d3c9bdd0d20a15ade672f276dd0f24b654e3de5 Closes-bug: #1838777 Closes-bug: #1840788 |
||
---|---|---|
.. | ||
notes | ||
source |